pwn 0.4.502 → 0.4.503

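--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 8e6a9cadce0579fb5fae8d210d13e9d3be8693978ed49f309f911e21d2369465
- data.tar.gz: 25614e923ad9677ba7b281eb6efc4f1b7b5c4bd4fd7eb1d1729665c3cd8f769b
+ metadata.gz: b596bbfaab1c2c5442b6be7e46c63fa7b2d9b7c3daa370bc8cfdea68b7e0e039
+ data.tar.gz: 79137ee35bdb6a599eba227124da98567776d6dec5593f8b44681fa95f543f2f
  SHA512:
- metadata.gz: d619efe1e91a920ae8f2155ee42627668a9c61b559352e82746a2eced1472e6d5c45304729b9efce166aa0f4e23d1707bb8485903c99c1d791dca2113480b0d4
- data.tar.gz: 67e549838acfc45e4658e2bcccf030755a7bb9a12201f15fbd94503e1bcbdaa8dfbad333607a80780c462ba6485c698eda4ca272c873e110949466ccedc90901
+ metadata.gz: ac749d01182f84dc41213be5d947d7f5ed18d4b35397ebebffe470a9f7cbd175d42d6b3e36f20274bac7565348659ceca01fa21af66af934d1cc4a79263e745e
+ data.tar.gz: 2cd0bbfe6ab55336a62a878b8b55c503f345c46c5cb2b7648fc39761d45b08f045c3ff4426cc6f734350ce5ef03988e08b7125d5e18e89f888f43434ab864eeb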
data/README.md CHANGED
@@ -37,7 +37,7 @@ $ rvm use ruby-3.1.2@pwn
37
37
  $ rvm list gemsets
38
38
  $ gem install --verbose pwn
39
39
  $ pwn
40
- pwn[v0.4.502]:001 >>> PWN.help
40
+ pwn[v0.4.503]:001 >>> PWN.help
41
41
  ```
42
42
 
43
43
  [![Installing the pwn Security Automation Framework](https://raw.githubusercontent.com/0dayInc/pwn/master/documentation/pwn_install.png)](https://youtu.be/G7iLUY4FzsI)
@@ -52,7 +52,7 @@ $ rvm use ruby-3.1.2@pwn
52
52
  $ gem uninstall --all --executables pwn
53
53
  $ gem install --verbose pwn
54
54
  $ pwn
55
- pwn[v0.4.502]:001 >>> PWN.help
55
+ pwn[v0.4.503]:001 >>> PWN.help
56
56
  ```
57
57
 
58
58
 
@@ -91,11 +91,18 @@ begin
91
91
  # Record Call
92
92
  pid_to_kill = 0
93
93
  wav_file = "#{wav_archive}/#{target_num}-#{start_timestamp}.wav"
94
- sox_params = "-d #{wav_file} trim 0 #{seconds_to_record}"
95
94
 
96
95
  puts red
97
96
  puts "Recording Duration: #{seconds_to_record}s"
98
- system(sox_bin, sox_params)
97
+ system(
98
+ sox_bin,
99
+ '-d',
100
+ wav_file,
101
+ 'trim',
102
+ '0',
103
+ seconds_to_record.to_s
104
+ )
105
+
99
106
  puts 'Complete.'
100
107
  puts end_of_color
101
108
 
@@ -109,11 +116,27 @@ begin
109
116
 
110
117
  puts cayan
111
118
  puts 'Generating Audio Spectrogram...'
112
- sox_params = "#{wav_file} -n spectrogram -o #{wav_file}-spectrogram.png -d #{seconds_to_record}"
113
- system(sox_bin, sox_params)
119
+ system(
120
+ sox_bin,
121
+ wav_file,
122
+ '-n',
123
+ 'spectrogram',
124
+ '-o',
125
+ "#{wav_file}-spectrogram.png",
126
+ '-d',
127
+ seconds_to_record.to_s
128
+ )
129
+
114
130
  puts 'Generating Audio Waveform...'
115
- waveform_params = "-c '#FF0000' -b '#000000' -F #{wav_file} #{wav_file}-waveform.png"
116
- system(waveform_bin, waveform_params)
131
+ system(
132
+ waveform_bin,
133
+ '-c',
134
+ '#FF0000',
135
+ '-b',
136
+ '#000000',
137
+ '-F',
138
+ "#{wav_file} #{wav_file}-waveform.png"
139
+ )
117
140
  puts 'Complete.'
118
141
  puts end_of_color
119
142
 
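Review bot: The last element of the waveform call, `"#{wav_file} #{wav_file}-waveform.png"`, hands the input and output paths to `waveform_bin` as one argument, so the tool receives a single path containing a space instead of a source file and a destination file. Pass them as the final two elements instead: `wav_file,` followed by `"#{wav_file}-waveform.png"`. None of the `system` calls here or in the recording hunk above checks its return value, so 'Complete.' is printed even when sox or the waveform tool fails; testing the result (`system(...) || raise('sox failed')`) would surface that. The surrounding `begin` block starts outside these hunks.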
data/bin/pwn_arachni CHANGED
@@ -117,14 +117,39 @@ begin
117
117
  end
118
118
 
119
119
  # Kick off scan as defined by pwn_arachni flags
120
- system("sudo /bin/bash --login -c \"#{arachni_cmd_str}\"")
120
+ system(
121
+ 'sudo',
122
+ '/bin/bash',
123
+ '--login',
124
+ '-c',
125
+ arachni_cmd_str
126
+ )
121
127
 
122
128
  # Report Scan Results
123
- system("sudo /bin/bash --login -c \"arachni_reporter #{output_dir}/arachni_results.afr --reporter=html:outfile=#{output_dir}/arachni_results.html.zip\"")
124
- system("sudo /bin/bash --login -c \"arachni_reporter #{output_dir}/arachni_results.afr --reporter=json:outfile=#{output_dir}/arachni_results.json\"")
129
+ system(
130
+ 'sudo',
131
+ '/bin/bash',
132
+ '--login',
133
+ '-c',
134
+ "arachni_reporter #{output_dir}/arachni_results.afr --reporter=html:outfile=#{output_dir}/arachni_results.html.zip"
135
+ )
136
+
137
+ system(
138
+ 'sudo',
139
+ '/bin/bash',
140
+ '--login',
141
+ '-c',
142
+ "arachni_reporter #{output_dir}/arachni_results.afr --reporter=json:outfile=#{output_dir}/arachni_results.json"
143
+ )
125
144
 
126
145
  # Unzip Results in Output Dir
127
- system("sudo /bin/bash --login -c \"cd #{output_dir} && unzip -o arachni_results.html.zip\"")
146
+ system(
147
+ 'sudo',
148
+ '/bin/bash',
149
+ '--login',
150
+ '-c',
151
+ "cd #{output_dir} && unzip -o arachni_results.html.zip"
152
+ )
128
153
  rescue StandardError, SystemExit, Interrupt => e
129
154
  raise e
130
155
  ensure
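Review bot: The four `bash --login -c` calls still hand an interpolated string to a root shell, so the argv form only removes the outer `/bin/sh` layer: whitespace or shell metacharacters in `output_dir` (and in whatever went into `arachni_cmd_str`, which is built outside this hunk) are still interpreted by bash under sudo. Keep the command text constant and pass the path as a positional parameter, e.g. `'-c', 'arachni_reporter "$1/arachni_results.afr" "--reporter=json:outfile=$1/arachni_results.json"', 'bash', output_dir`, and use `'unzip -o "$1/arachni_results.html.zip" -d "$1"'` in place of the `cd ... &&` string. If `arachni_cmd_str` has to stay a single string, its components should go through `Shellwords.escape` where it is assembled.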
@@ -145,5 +145,12 @@ if start_reporting_server
145
145
  end
146
146
  puts "For Scan Results Navigate to: http://127.0.0.1:#{listen_port}/pwn_fuzz_net_app_proto.html"
147
147
  simple_http_server_params = "-i #{listen_ip} -p #{listen_port}"
148
- system("cd #{dir_path} && pwn_simple_http_server #{simple_http_server_params}")
148
+ Dir.chdir(dir_path)
149
+ system(
150
+ 'pwn_simple_http_server',
151
+ '-i',
152
+ listen_ip,
153
+ '-p',
154
+ listen_port.to_s
155
+ )
149
156
  end
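Review bot: `Dir.chdir(dir_path)` moves the whole Ruby process into the report directory, where the old `cd ... &&` affected only the child shell, so any relative path resolved later in the script now points somewhere else. `system` accepts a `chdir:` option that scopes the change to the child: `system('pwn_simple_http_server', '-i', listen_ip, '-p', listen_port.to_s, chdir: dir_path)`. The `simple_http_server_params` string on the line above the call is now unused and can be deleted. The same `Dir.chdir` pattern appears in the pwn_sast hunk at `@@ -156,7 +156,14 @@`.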
@@ -218,7 +218,15 @@ unless nmap_path == ''
218
218
  # Eyewitness Nmap XML Results
219
219
  unless eyewitness_path == ''
220
220
  print "#{@green}Eyewitness Nmap XML Results...#{@end_of_color}"
221
- system("#{eyewitness_path} -x '#{nmap_xml_results}' -d '#{output_dir}/#{nmap_target}-#{@runtime_timestamp}' --no-prompt --all-protocols")
221
+ system(
222
+ eyewitness_path,
223
+ '-x',
224
+ nmap_xml_results,
225
+ '-d',
226
+ "#{output_dir}/#{nmap_target}-#{@runtime_timestamp}",
227
+ '--no-prompt',
228
+ '--all-protocols'
229
+ )
222
230
  end
223
231
 
224
232
  PWN::Plugins::NmapIt.parse_xml_results(xml_file: nmap_xml_results) do |xml|
data/bin/pwn_sast CHANGED
@@ -147,7 +147,7 @@ begin
147
147
 
148
148
  # Start Simple HTTP Server (If Requested)
149
149
  if start_reporting_server
150
- listen_port = Random.rand(1_025..65_535)
150
+ listen_port = Random.rand(1_025..65_535).to_s
151
151
 
152
152
  if pwn_provider == 'docker'
153
153
  listen_ip = '0.0.0.0'
@@ -156,7 +156,14 @@ begin
156
156
  end
157
157
 
158
158
  puts "For Scan Results Navigate to: http://127.0.0.1:#{listen_port}/pwn_scan_git_source.html"
159
- system("cd #{dir_path} && pwn_simple_http_server -i #{listen_ip} -p #{listen_port}")
159
+ Dir.chdir(dir_path)
160
+ system(
161
+ 'pwn_simple_http_server',
162
+ '-i',
163
+ listen_ip,
164
+ '-p',
165
+ listen_port
166
+ )
160
167
  end
161
168
  rescue SystemExit, Interrupt
162
169
  puts "\nGoodbye."
@@ -35,7 +35,17 @@ else
35
35
  end
36
36
 
37
37
  begin
38
- system("thin start --adapter file --address #{bind_ip} --port #{port} --threaded --debug")
38
+ system(
39
+ 'thin',
40
+ 'start',
41
+ '--adapter file',
42
+ '--address',
43
+ bind_ip,
44
+ '--port',
45
+ port.to_s,
46
+ '--threaded',
47
+ '--debug'
48
+ )
39
49
  rescue RuntimeError
40
50
  puts "WARNING: Service Already Listening on TCP #{port}..."
41
51
  port = Random.rand(1_025..65_535)
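Review bot: `'--adapter file'` is a single argv element, so thin receives one option string containing a space rather than the `--adapter` flag followed by its value `file`, and will most likely reject it as an unknown option. Split it into `'--adapter',` and `'file',`. Separately, `system` reports a failed start by returning `false` or `nil` rather than by raising, so the `rescue RuntimeError` fallback below is probably never reached; checking the return value would make the port-in-use retry work. The rescue body continues outside the hunk.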
@@ -8,7 +8,6 @@ module PWN
8
8
  module BusPirate
9
9
  # Supported Method Parameters::
10
10
  # PWN::Plugins::BusPirate.connect_via_screen(
11
- # screen_bin: 'optional - defaults to /usr/bin/screen'
12
11
  # block_dev: 'optional - serial block device path (defaults to /dev/ttyUSB0)'
13
12
  # )
14
13
 
@@ -17,19 +16,19 @@ module PWN
17
16
  opts[:block_dev].to_s
18
17
  )
19
18
 
20
- block_dev = '/dev/ttyUSB0' if opts[:block_dev].nil?
21
-
22
- if opts[:screen_bin].nil?
23
- screen_bin = '/usr/bin/screen'
24
- else
25
- screen_bin = opts[:screen_bin].to_s.strip.chomp.scrub
26
- end
19
+ block_dev ||= '/dev/ttyUSB0'
27
20
 
21
+ screen_bin = '/usr/bin/screen'
28
22
  raise "ERROR: #{screen_bin} not found." unless File.exist?(screen_bin)
29
23
 
30
- screen_params = "#{block_dev} 115200 8 N 1"
31
- screen_cmd = "#{screen_bin} #{screen_params}"
32
- system(screen_cmd)
24
+ system(
25
+ screen_bin,
26
+ block_dev,
27
+ '115200',
28
+ '8',
29
+ 'N',
30
+ '1'
31
+ )
33
32
  rescue StandardError => e
34
33
  raise e
35
34
  end
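Review bot: `block_dev ||= '/dev/ttyUSB0'` falls back to the default whenever the assignment above leaves `block_dev` nil, not only when the caller omitted `block_dev:`; that assignment starts outside the hunk, but if it is guarded by an existence check, a mistyped device path now silently opens `/dev/ttyUSB0` instead of failing. The RFIDler hunk at `@@ -17,18 +16,18 @@` keeps the older `if opts[:block_dev].nil?` form, so the two plugins now treat the same input differently. An explicit guard such as `raise "ERROR: #{opts[:block_dev]} not found." if opts[:block_dev] && block_dev.nil?` before the default would keep the failure visible in both. Dropping `screen_bin:` is silent for existing callers because the key is simply ignored; the method comment should say that the binary is now fixed at `/usr/bin/screen`.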
@@ -120,7 +119,6 @@ module PWN
120
119
  public_class_method def self.help
121
120
  puts "USAGE:
122
121
  #{self}.connect_via_screen(
123
- screen_bin: 'optional - defaults to /usr/bin/screen'
124
122
  block_dev: 'optional serial block device path (defaults to /dev/ttyUSB0)'
125
123
  )
126
124
 
@@ -95,7 +95,11 @@ module PWN
95
95
  next if Dir.exist?(clone_dir)
96
96
 
97
97
  print "Cloning: #{clone_uri}..."
98
- system('git', 'clone', clone_uri)
98
+ system(
99
+ 'git',
100
+ 'clone',
101
+ clone_uri
102
+ )
99
103
  puts 'complete.'
100
104
  end
101
105
 
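Review bot: `clone_uri` is the last positional argument to `git clone`, so a value beginning with `-` would be parsed by git as an option rather than as a repository. Adding the end-of-options marker closes that off: `'clone', '--', clone_uri`. The return value is also ignored, so 'complete.' is printed when the clone fails; `puts(system(...) ? 'complete.' : 'failed.')` would report it. Where `clone_uri` comes from is outside this hunk.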
@@ -1107,31 +1107,73 @@ module PWN
1107
1107
  my_os = PWN::Plugins::DetectOS.type
1108
1108
  case my_os
1109
1109
  when :linux
1110
- ipfilter = 'sudo iptables'
1111
- chain_action = '-C'
1112
- ipfilter_rule = "OUTPUT --protocol tcp --source #{pkt.ip_saddr} --destination #{pkt.ip_daddr} --destination-port #{pkt.tcp_dst} --tcp-flags RST RST -j DROP"
1113
-
1114
- ipfilter_cmd = "#{ipfilter} #{chain_action} #{ipfilter_rule}"
1115
-
1116
- unless system(ipfilter_cmd, out: File::NULL, err: File::NULL)
1117
- chain_action = '-A'
1118
- ipfilter_cmd = "#{ipfilter} #{chain_action} #{ipfilter_rule}"
1119
-
1110
+ system_resp = system(
1111
+ 'sudo',
1112
+ 'iptables',
1113
+ '-C',
1114
+ 'OUTPUT',
1115
+ '--protocol',
1116
+ 'tcp',
1117
+ '--source',
1118
+ pkt.ip_saddr,
1119
+ '--destination',
1120
+ pkt.ip_daddr,
1121
+ '--destination-port',
1122
+ pkt.tcp_dst.to_s,
1123
+ '--tcp-flags',
1124
+ 'RST',
1125
+ 'RST',
1126
+ '-j',
1127
+ 'DROP',
1128
+ out: File::NULL,
1129
+ err: File::NULL
1130
+ )
1131
+
1132
+ unless system_resp
1120
1133
  puts 'Preventing kernel from misbehaving when manipulating packets.'
1121
- puts 'Creating the following iptables rule:'
1122
- puts ipfilter_cmd
1123
- system(ipfilter_cmd)
1124
-
1125
- puts "Be sure to delete iptables rule, once completed. Here's how:"
1126
- chain_action = '-D'
1127
- ipfilter_cmd = "#{ipfilter} #{chain_action} #{ipfilter_rule}"
1128
- puts ipfilter_cmd
1134
+ system(
1135
+ 'sudo',
1136
+ 'iptables',
1137
+ '-A',
1138
+ 'OUTPUT',
1139
+ '--protocol',
1140
+ 'tcp',
1141
+ '--source',
1142
+ pkt.ip_saddr,
1143
+ '--destination',
1144
+ pkt.ip_daddr,
1145
+ '--destination-port',
1146
+ pkt.tcp_dst.to_s,
1147
+ '--tcp-flags',
1148
+ 'RST',
1149
+ 'RST',
1150
+ '-j',
1151
+ 'DROP'
1152
+ )
1129
1153
  end
1130
1154
 
1131
1155
  pkt.recalc
1132
1156
  pkt.to_w(iface)
1133
1157
 
1134
- system(ipfilter, "-D #{ipfilter_rule}")
1158
+ system(
1159
+ 'sudo',
1160
+ 'iptables',
1161
+ '-D',
1162
+ 'OUTPUT',
1163
+ '--protocol',
1164
+ 'tcp',
1165
+ '--source',
1166
+ pkt.ip_saddr,
1167
+ '--destination',
1168
+ pkt.ip_daddr,
1169
+ '--destination-port',
1170
+ pkt.tcp_dst.to_s,
1171
+ '--tcp-flags',
1172
+ 'RST',
1173
+ 'RST',
1174
+ '-j',
1175
+ 'DROP'
1176
+ )
1135
1177
  # when :osx
1136
1178
  # ipfilter = 'pfctl'
1137
1179
  # ipfilter_rule = "block out proto tcp from #{pkt.ip_saddr} to #{pkt.ip_daddr} port #{pkt.tcp_dst} flags R"
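Review bot: The `-D` call runs unconditionally, so when the `-C` check finds a matching rule that was already in place before this method ran, that rule is removed afterwards; and if `pkt.recalc` or `pkt.to_w(iface)` raises, a rule added here is never removed. Track whether this call created the rule and delete it in an `ensure`. The same rule argument list is also written out three times, which invites the copies drifting apart; building it once and splatting it keeps `-C`, `-A` and `-D` identical. The change also drops the messages that printed the rule being created, so a root firewall change now happens without showing the operator what was changed. The `case my_os` statement continues outside the hunk.

```ruby
when :linux
  rst_rule = [
    'OUTPUT', '--protocol', 'tcp',
    '--source', pkt.ip_saddr,
    '--destination', pkt.ip_daddr,
    '--destination-port', pkt.tcp_dst.to_s,
    '--tcp-flags', 'RST', 'RST',
    '-j', 'DROP'
  ]

  rule_added = false
  unless system('sudo', 'iptables', '-C', *rst_rule, out: File::NULL, err: File::NULL)
    puts 'Preventing kernel from misbehaving when manipulating packets.'
    puts "Creating iptables rule: #{rst_rule.join(' ')}"
    rule_added = system('sudo', 'iptables', '-A', *rst_rule)
  end

  begin
    pkt.recalc
    pkt.to_w(iface)
  ensure
    # Remove only the rule this call created; a pre-existing one stays in place.
    system('sudo', 'iptables', '-D', *rst_rule) if rule_added
  end
  # … unchanged: commented-out :osx branch …
```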
@@ -7,7 +7,6 @@ module PWN
7
7
  module RFIDler
8
8
  # Supported Method Parameters::
9
9
  # PWN::Plugins::RFIDler.connect_via_screen(
10
- # screen_bin: 'optional - defaults to /usr/bin/screen'
11
10
  # block_dev: 'optional - serial block device path (defaults to /dev/ttyUSB0)'
12
11
  # )
13
12
 
@@ -17,18 +16,18 @@ module PWN
17
16
  )
18
17
 
19
18
  block_dev = '/dev/ttyUSB0' if opts[:block_dev].nil?
20
-
21
- if opts[:screen_bin].nil?
22
- screen_bin = '/usr/bin/screen'
23
- else
24
- screen_bin = opts[:screen_bin].to_s.strip.chomp.scrub
25
- end
19
+ screen_bin = '/usr/bin/screen'
26
20
 
27
21
  raise "ERROR: #{screen_bin} not found." unless File.exist?(screen_bin)
28
22
 
29
- screen_params = "#{block_dev} 9600 8 N 1"
30
- screen_cmd = "#{screen_bin} #{screen_params}"
31
- system(screen_cmd)
23
+ system(
24
+ screen_bin,
25
+ block_dev,
26
+ '9600',
27
+ '8',
28
+ 'N',
29
+ '1'
30
+ )
32
31
  rescue StandardError => e
33
32
  raise e
34
33
  end
@@ -46,7 +45,6 @@ module PWN
46
45
  public_class_method def self.help
47
46
  puts "USAGE:
48
47
  #{self}.connect_via_screen(
49
- screen_bin: 'optional - defaults to /usr/bin/screen'
50
48
  block_dev: 'optional serial block device path (defaults to /dev/ttyUSB0)'
51
49
  )
52
50
 
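--- a/data/lib/pwn/version.rb
+++ b/data/lib/pwn/version.rb
@@ -1,5 +1,5 @@
  # frozen_string_literal: true
 
  module PWN
- VERSION = '0.4.502'
+ VERSION = '0.4.503'
  end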
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: pwn
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.502
4
+ version: 0.4.503
5
5
  platform: ruby
6
6
  authors:
7
7
  - 0day Inc.